An evaluation technique for network intrusion detection systems
D Zhang, C Leckie
ACM International Conference Proceeding Series | Published : 2006
Various algorithms have been developed to identify different types of network intrusions, however there is no heuristic to confirm the accuracy of their results. The exact effectiveness of a network intrusion detection system's ability to identify malicious sources cannot be reported unless a concise measurement of performance is available. This paper addresses the need for an evaluation technique and proposes a comparison technique for current scan detection algorithms that can accurately measure the false positive rate and precision of identified scanners. © 2006 ACM.